On 12/14/13 7:38 AM, "Stephen Henson via RT" <r...@openssl.org> wrote:

>Hmm... that's a weird one. The debug info tells me it is a TLS v1.0 connection
>and that it is attempting to use MD5 when calculating the handshake hash. It
>caches handshake records in the function ssl3_digest_cached_records() using
>pretty much the same logic that fails later on. That function wouldn't be
>called if the handshake buffer was never initialised but it should be
>initialised when the connection is accepted.
>
>So it looks like it's a "this can't happen error"...
>
>There is a way of stopping the crash at that point by checking to see if
>EVP_MD_CTX_copy returns an error (which is sensible anyway) but that's fixing a
>symptom rather than the underlying cause.
>
>Steve.
>--
>Dr Stephen N. Henson. OpenSSL project core developer.
>Commercial tech support now available see: http://www.openssl.org
>
Thank you Steve. Not sure how to proceed from here. Is there more information from the core dumps which would be useful?

I suppose this could be an integration issue between traffic server and openssl, but I don't see how since we don't have any crash issues when SSL_OP_NO_TLSv1_2 is set in the call to SSL_CTX_set_options for the server ctx.

Keep in mind that we could be dealing with a not-well-behaved or well intentioned client. Not knowing anything about SSL, could the original negotiation have been TLS v1.2 and then this crash when it attempted to switch to TLS v1.0?

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org